Senate committee votes to ban “stalker apps”

GOP senators may look to ban tracking apps but give leeway to other services.

If a bill being pushed by Sen. Al Franken (D-Minn.) becomes law, mobile apps will have to ask a smartphone user's permission before they use any locational information. Many popular apps already do that, but Franken's bill would make it a legal requirement.

The proposal passed an important hurdle today, as the Senate Judiciary Committee voted to advance the bill. Some commercial interests, including a major software group, have opposed the bill. So far committee Republicans have been receptive to their complaints.

However, today's vote showed both Republicans and Democrats on the committee appear to be united on one issue—that so-called "stalker apps" need to be banned. The senior Republican on the committee, Sen. Chuck Grassley (R-Iowa), said he supports the parts of the bill banning these apps, but is concerned about other parts of the bill, The Hillreported today.

The lack of regulations outlawing these stalker apps has created opportunities for companies like Retina Software. That company offers a $50 "stealth phone spy software" called ePhoneTracker according to a report by The Associated Press on Franken's bill (called the Location Privacy Protection Act). "Suspect your spouse is cheating?" asks Retina Software's website. "Don't break the bank by hiring a private investigator."

Such apps can be secretly installed on cell phones and allow for surreptitious tracking. Stalking and wiretapping are already illegal, so it's possible using such apps already violates the law in many circumstances. Franken's proposal would make the companies who sell and operate such apps liable as well, however. An exception would exist for parents who install tracking apps on a child's phone.

"I believe that Americans have the fundamental right to control who can track their location, and whether or not that information can be given to third parties," Franken said today. "But right now, companies—some legitimate, some sleazy—are collecting your or your child’s location and selling it to ad companies or who knows who else. Passing my bill out of committee means we're one step closer to ending this practice and ensuring people's privacy."

Given that the debate over the "fiscal cliff" is likely to overshadow everything else in December, it seems unlikely Franken's bill will move forward before next year.

Whether it asks for permission or not, in some circumstances and jurisdictions these apps have no legal use whatsoever. The stalker apps are already illegal in many places, and this legislation provides for accountability for a company that is making a product which has no legal use.

Whether it asks for permission or not, in some circumstances and jurisdictions these apps have no legal use whatsoever. The stalker apps are already illegal in many places, and this legislation provides for accountability for a company that is making a product which has no legal use.

What do you mean "no legal use"? Shouldn't users be able to decide the app's utility, so long as they're aware of what information the app gets?

Android apps already ask the user for permissions and this is one of the permissions they ask for. So it wouldn't affect Android apps. I don't know about iOS or Windows phone apps.

Yes, all the mobile OS's do this. I think this law is about malware that bypasses this check and/or surreptitiously putting this on someone else's phone, and Android's side-loading and rooting abilities probably means it actually will apply to it more than the others.

Whether it asks for permission or not, in some circumstances and jurisdictions these apps have no legal use whatsoever. The stalker apps are already illegal in many places, and this legislation provides for accountability for a company that is making a product which has no legal use.

"Void where prohibited by law," protects the seller and shifts the burden of accountability to the buyer, and that's really all it does. There is no additional or ongoing liability, penalty, or accountability for the company making the product - they've done their part. If you don't make it completely illegal to sell the product, period, then you might as well not bother unless "keeping honest people honest" is where the bar is set.

An exception would exist for parents who install tracking apps on a child's phone.

"I can't wait till I turn 18, my parents forget to uninstall their tracking apps, and I can SUE!"

If you're freshly 18 and stand to gain more from a lawsuit against your parents than you stand to lose from permanently alienating your parents, you're in the minority indeed.

Re: Franken: Overall Franken may very well be an upright guy but he IS an IP lobby stooge. Franken was/is a SOPA/PIPA co-sponsor/supporter. I will not forget. And I will not forgive. At least not until Franken puts his money where his mouth is and votes the other way. I don't see that coming anytime soon.

Whether it asks for permission or not, in some circumstances and jurisdictions these apps have no legal use whatsoever. The stalker apps are already illegal in many places, and this legislation provides for accountability for a company that is making a product which has no legal use.

"Void where prohibited by law," protects the seller and shifts the burden of accountability to the buyer, and that's really all it does. There is no additional or ongoing liability, penalty, or accountability for the company making the product - they've done their part. If you don't make it completely illegal to sell the product, period, then you might as well not bother unless "keeping honest people honest" is where the bar is set.

And that is all it should do. If the buyer misuses something, or doesn't understand what they are downloading and the legality of it themselves that is NOT the sellers issue. Is it the cyberlocker's fault that someone misuses its resources? No. Why should these app creators be hamstrung because someone uses it in an illegal manner?

Yep. that's the way it should work. If I want Google search to return shit from my neighborhood, I'll type in "escort services - mountain view"

saving me typing in mountain view sucks when all Google is doing is logging my every g'dam step. I don't like big brother Google breathing down my neck every step of my digital life. If I want something I'll say what I want to search for.

sheez. what baloney spying on customers is. not too long ago, these arrogant assholes at Google and Facebook would never steal personal private information - they had some dignity. Now, they both just loathe their customers, the government of the people, and are in love with themselves.

People are a bunch of freaking numbers to be sold to the highest bidder apparently. Booo.

I'd have to know more about this (but don't care to read it at midnight; I should have known better than to check my RSS feed), but I can see points for concern.

For instance, does it have to ask the user every time? That would annoy the piss out of me.

If not, what about transfers of possession? If I give my phone, with Yelp or something enabled, to my buddy can he then complain?

What about e.g. FindMyPhone, once the phone's stolen? (I would assume this is covered under some sort of "you don't actually own something you steal" rule, but I assume a lot of things about laws that end up being oddly incorrect.)

And I can see the software designers having issues, as what if I were to take my (depressingly nonexistent) girlfriend's phone and enable something like Google Latitude? Why should Google be responsible? (Presupposing it doesn't ask every time, because I damned well don't want it to.)

- By default do not track or spy or inquire about the users life, location, affinities, family, friends or personal matters. Let users opt-in when users find tracking beneficial and only in those circumstances.

- Never, under any circumstance, sell or share private information without the user's explicit consent.

- Only companies that have physical assets in the US to be allowed to ask, track, inquire...etc. so that misuse of the information about location, affinities or other personal use can be liquidated to compensate for said misuse.

All principles can be subverted but laws based on this principle would make it much more difficult and that would be the point.

WELL THEN. This certainly makes up for the drone surveillance and black boxes in our cars. Not to mention dumping all our emails and digital communications into long term storage to use against us later.

Just another law that is not needed. This is an issue the marketplace can handle quite well. "Oh this awesome calculator app needs administrative rights to my phone...um no thank you.". Protecting consumers from their own stupidity is really not the function of the US government. In situations for installing applications on other parties phones, we already have criminal statutes for that.

Wake up people these are our liberties they take from us one small bit at a time. Good intention laws like this usually never produce the desired results and the collateral damage is almost always worse than the problem they try to fix.

Android apps already ask the user for permissions and this is one of the permissions they ask for. So it wouldn't affect Android apps. I don't know about iOS or Windows phone apps.

Yes, all the mobile OS's do this. I think this law is about malware that bypasses this check and/or surreptitiously putting this on someone else's phone, and Android's side-loading and rooting abilities probably means it actually will apply to it more than the others.

I would be more interested in a control that allows you to specify which other persons or devices are allowed to know your location. I wouldn't mind an app that allows me to know where my children are, or allows my wife and children to find me. That would be a useful category of application. But one that allows others to know my location without authorizing each individual is something I wouldn't want on my phone or in my life.

BTW, isn't surrpetitiously putting a program on somebody else's computing device already against the law?

I haven't read the bill, but I would like to know what is a "stalker app". There are a lot of apps out there are designed to track the phone for any number of purposes. A number of them are on the phone specifically for purpose tracking the phone in the event of being stolen or lost. They are designed to be hidden and difficult to remove. Couldn't such software be considered a stalking app?

Beyond that how about features like Google Latitude? If you have access to someones phone couldn't you just turn that on and thus be "stalking" them?

Once again I'm thinking emotionally charged language is going to be used to craft a bad law that is going limit a potentially beneficial feature and limit the future development of useful applications of tracking data.

Online companies continue to try and gather data about you and me. If it's not one thing it's another. For example, Verizon Wireless is now putting something they call "Backup Assistant on every phone they provide. Periodically, this app uploads the contents of your address book (and what else, I wonder?) to a location in the Cloud. Verizon makes no promises about security from others or from Verizon, for that matter, and knowing about the lack of security for data stored in the Cloud that's serious. What's ominous is that Verizon will not remove Backup Assistant from your phone and it can't be turned off. Since there are a number of good and inexpensive applications that will let you back up your own contact list without resorting to the Web I must wonder why it's impossible to stop using it.

One answer, for the long run at least, is to complain to the FTC every time you encounter anything like this. Complain loudly and often. I don't like government regulation but sometimes there are things that must be addressed and any kind of spying on your cellphone - for whatever the reason they tell you - is just wrong. There is too much chance of a security breach or, worse yet, your carrier selling valuable information about you.

Yes, a lot of these apps have "potential benefits". Remember what Mark Twain said, however; "The road to Hell is paved with good intentions." I don't oppose apps that can reveal your location to a third party just that they are mandatory. IMO every such app should hav a way to disable it and/or remove it completely.

Yes, all the mobile OS's do this. I think this law is about malware that bypasses this check and/or surreptitiously putting this on someone else's phone, and Android's side-loading and rooting abilities probably means it actually will apply to it more than the others.

Android prompts you to approve permissions regardless of where the app is installed from. So Play Store, Amazon App Store, Humble Bundle, or generic side loading all prompt for permissions first. Here is an example screenshot of this in action. I do not believe Android will be more or less affected than the other mobile OS's.

Yes, all the mobile OS's do this. I think this law is about malware that bypasses this check and/or surreptitiously putting this on someone else's phone, and Android's side-loading and rooting abilities probably means it actually will apply to it more than the others.

Android prompts you to approve permissions regardless of where the app is installed from. So Play Store, Amazon App Store, Humble Bundle, or generic side loading all prompt for permissions first. Here is an example screenshot of this in action. I do not believe Android will be more or less affected than the other mobile OS's.

Is it possible for a developer to bypass the permissions checks and/or prompts in Android (or in your mobile OS of choice)? I have no idea, but the answer to that question is pretty important.

Yes, all the mobile OS's do this. I think this law is about malware that bypasses this check and/or surreptitiously putting this on someone else's phone, and Android's side-loading and rooting abilities probably means it actually will apply to it more than the others.

Android prompts you to approve permissions regardless of where the app is installed from. So Play Store, Amazon App Store, Humble Bundle, or generic side loading all prompt for permissions first. Here is an example screenshot of this in action. I do not believe Android will be more or less affected than the other mobile OS's.

Is it possible for a developer to bypass the permissions checks and/or prompts in Android (or in your mobile OS of choice)? I have no idea, but the answer to that question is pretty important.

If they had your phone hooked up to a computer with ADB running and the phone had USB debugging on, it may be possible. It wouldn't be a quick in and out by any means though. You would also still be able to uninstall the app incredibly easily once you spotted it on your phone.

Yes, all the mobile OS's do this. I think this law is about malware that bypasses this check and/or surreptitiously putting this on someone else's phone, and Android's side-loading and rooting abilities probably means it actually will apply to it more than the others.

Android prompts you to approve permissions regardless of where the app is installed from. So Play Store, Amazon App Store, Humble Bundle, or generic side loading all prompt for permissions first. Here is an example screenshot of this in action. I do not believe Android will be more or less affected than the other mobile OS's.

Is it possible for a developer to bypass the permissions checks and/or prompts in Android (or in your mobile OS of choice)? I have no idea, but the answer to that question is pretty important.

If they had your phone hooked up to a computer with ADB running and the phone had USB debugging on, it may be possible. It wouldn't be a quick in and out by any means though. You would also still be able to uninstall the app incredibly easily once you spotted it on your phone.

Thanks! I think that puts bypassing checks and prompts in the class of malware that requires a PC user to take several ill-advised steps in succession, or that requires physical access to the machine. That doesn't mean that some users won't install it and click-through anyway - only that they'll have to grant the permissions willingly, or that the device is beyond their physical control for some period of time. (The latter might apply to parents/children, and the use of employer-provided hardware, if not consumers in general.)

An exception would exist for parents who install tracking apps on a child's phone.

Maybe I'm missing something, but it looks like any company could skirt this law by including a "only for use in monitoring your children" disclaimer. They'd probably also have to avoid any "track your spouse" advertising.

While I appreciate the interest in protecting your location information, this doesn't at all address all of the location information that the telecom companies can gather about you, since they're the ones running the equipment that implicitly knows where you are to operate. I'm not saying that this information needs to go away (I don't see how that's technically possible while still maintaining a well functioning cellular system), but I would like it very much if there was a lot more visibility on what was being done with this location information.

Otherwise, this is just another unnecessary law to stop things that are already illegal in other ways, and just gives a false sense of security regarding location tracking information.

Further, it needs to be illegal to force someone to agree to tracking through employment or contract. This right to privacy needs to be absolute. However, there are times when an adult may elect to opt-in for tracking and that should be allowed to do so.

Any opt-in choice should be just for tracking, not any other portion of a service. Facebook, google and others should not be allowed to demand tracking to provide access to other non-tracking services.

Another valid exception to the bill needs to be made to allow children to track their parents with life-threatening conditions like Alzheimer's. If they wander outside of a particular zone, the child receives a notification of such. That is, is one can get the parent with Alzheimer's to carry the cellphone in the first place.

Another exception to the bill needs to be made to allow males from Saudi Arabia to track their women. As this is already being done in Saudi Arabia at the present time, one would not want to criminalize the existing Saudi developers of these apps. For example, when a female relative is preparing to board a flight out of Saudi Arabia, the male designated as the "head of the family" receives a text message indicating the female's pending boarding status.

In addition, an exception needs to be made for any male of a designated religious group to be able to track their adherents. Any abrogation of this ability would be an unacceptable breach of the separation of church and state. As most all religions are patriarchal in nature, therefore only an exception for males need be made. No exceptions for females need to be made as they are, according to the recent Republican election rhetoric, to return to the home and resume their proper places as demure, passive, chaste homemakers totally subservient to the male head-of-the-household.

Finally, an exception needs to be made for the government to track anyone at anytime in any way by any means desired without the need for a warrant whatsoever.